Date: Nov. 22, 2024, 6:35 a.m.

Environment |
---|
qemu-arm64 |
qemu-x86_64 |

Kernel log (KASAN reports from qemu-arm64 first, then from qemu-x86_64):
[ 39.056458] ================================================================== [ 39.057468] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x35c/0xec0 [ 39.058417] Write of size 121 at addr fff00000c63a3f00 by task kunit_try_catch/274 [ 39.059430] [ 39.059933] CPU: 1 UID: 0 PID: 274 Comm: kunit_try_catch Tainted: G B N 6.12.0-next-20241122 #1 [ 39.061281] Tainted: [B]=BAD_PAGE, [N]=TEST [ 39.062003] Hardware name: linux,dummy-virt (DT) [ 39.062707] Call trace: [ 39.063213] show_stack+0x20/0x38 (C) [ 39.064017] dump_stack_lvl+0x8c/0xd0 [ 39.064655] print_report+0x118/0x5e0 [ 39.065251] kasan_report+0xc8/0x118 [ 39.065982] kasan_check_range+0x100/0x1a8 [ 39.066739] __kasan_check_write+0x20/0x30 [ 39.067451] copy_user_test_oob+0x35c/0xec0 [ 39.068165] kunit_try_run_case+0x14c/0x3d0 [ 39.068881] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 39.069711] kthread+0x24c/0x2d0 [ 39.070342] ret_from_fork+0x10/0x20 [ 39.071003] [ 39.071354] Allocated by task 274: [ 39.072296] kasan_save_stack+0x3c/0x68 [ 39.072952] kasan_save_track+0x20/0x40 [ 39.073599] kasan_save_alloc_info+0x40/0x58 [ 39.074329] __kasan_kmalloc+0xd4/0xd8 [ 39.074960] __kmalloc_noprof+0x188/0x4c8 [ 39.075610] kunit_kmalloc_array+0x34/0x88 [ 39.076261] copy_user_test_oob+0xac/0xec0 [ 39.077056] kunit_try_run_case+0x14c/0x3d0 [ 39.077915] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 39.078720] kthread+0x24c/0x2d0 [ 39.079498] ret_from_fork+0x10/0x20 [ 39.080120] [ 39.080519] The buggy address belongs to the object at fff00000c63a3f00 [ 39.080519] which belongs to the cache kmalloc-128 of size 128 [ 39.082111] The buggy address is located 0 bytes inside of [ 39.082111] allocated 120-byte region [fff00000c63a3f00, fff00000c63a3f78) [ 39.083649] [ 39.084112] The buggy address belongs to the physical page: [ 39.084954] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1063a3 [ 39.086077] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 39.086996] page_type: f5(slab) [ 
39.087653] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 39.088713] raw: 0000000000000000 0000000080100010 00000001f5000000 0000000000000000 [ 39.089797] page dumped because: kasan: bad access detected [ 39.090595] [ 39.090982] Memory state around the buggy address: [ 39.091740] fff00000c63a3e00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 39.092747] fff00000c63a3e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 39.093680] >fff00000c63a3f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 39.094721] ^ [ 39.095626] fff00000c63a3f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 39.096530] fff00000c63a4000: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 39.097428] ================================================================== [ 39.142230] ================================================================== [ 39.143122] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x434/0xec0 [ 39.144918] Write of size 121 at addr fff00000c63a3f00 by task kunit_try_catch/274 [ 39.145805] [ 39.146212] CPU: 1 UID: 0 PID: 274 Comm: kunit_try_catch Tainted: G B N 6.12.0-next-20241122 #1 [ 39.147253] Tainted: [B]=BAD_PAGE, [N]=TEST [ 39.147999] Hardware name: linux,dummy-virt (DT) [ 39.148984] Call trace: [ 39.150185] show_stack+0x20/0x38 (C) [ 39.151140] dump_stack_lvl+0x8c/0xd0 [ 39.151957] print_report+0x118/0x5e0 [ 39.152644] kasan_report+0xc8/0x118 [ 39.153289] kasan_check_range+0x100/0x1a8 [ 39.154026] __kasan_check_write+0x20/0x30 [ 39.154739] copy_user_test_oob+0x434/0xec0 [ 39.155461] kunit_try_run_case+0x14c/0x3d0 [ 39.156173] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 39.157020] kthread+0x24c/0x2d0 [ 39.157628] ret_from_fork+0x10/0x20 [ 39.158319] [ 39.158742] Allocated by task 274: [ 39.159314] kasan_save_stack+0x3c/0x68 [ 39.159947] kasan_save_track+0x20/0x40 [ 39.160592] kasan_save_alloc_info+0x40/0x58 [ 39.161417] __kasan_kmalloc+0xd4/0xd8 [ 39.162097] __kmalloc_noprof+0x188/0x4c8 [ 39.162813] 
kunit_kmalloc_array+0x34/0x88 [ 39.163514] copy_user_test_oob+0xac/0xec0 [ 39.164180] kunit_try_run_case+0x14c/0x3d0 [ 39.164888] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 39.165696] kthread+0x24c/0x2d0 [ 39.166290] ret_from_fork+0x10/0x20 [ 39.166942] [ 39.167300] The buggy address belongs to the object at fff00000c63a3f00 [ 39.167300] which belongs to the cache kmalloc-128 of size 128 [ 39.168913] The buggy address is located 0 bytes inside of [ 39.168913] allocated 120-byte region [fff00000c63a3f00, fff00000c63a3f78) [ 39.170516] [ 39.171005] The buggy address belongs to the physical page: [ 39.171806] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1063a3 [ 39.172845] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 39.173741] page_type: f5(slab) [ 39.174326] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 39.175355] raw: 0000000000000000 0000000080100010 00000001f5000000 0000000000000000 [ 39.176343] page dumped because: kasan: bad access detected [ 39.177133] [ 39.177506] Memory state around the buggy address: [ 39.178318] fff00000c63a3e00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 39.179345] fff00000c63a3e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 39.180304] >fff00000c63a3f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 39.181264] ^ [ 39.182227] fff00000c63a3f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 39.183175] fff00000c63a4000: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 39.184121] ================================================================== [ 38.926636] ================================================================== [ 38.928258] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x234/0xec0 [ 38.929101] Write of size 121 at addr fff00000c63a3f00 by task kunit_try_catch/274 [ 38.930513] [ 38.932159] CPU: 1 UID: 0 PID: 274 Comm: kunit_try_catch Tainted: G B N 6.12.0-next-20241122 #1 [ 38.934301] Tainted: [B]=BAD_PAGE, [N]=TEST [ 38.935048] 
Hardware name: linux,dummy-virt (DT) [ 38.935792] Call trace: [ 38.936327] show_stack+0x20/0x38 (C) [ 38.937076] dump_stack_lvl+0x8c/0xd0 [ 38.937702] print_report+0x118/0x5e0 [ 38.938303] kasan_report+0xc8/0x118 [ 38.939730] kasan_check_range+0x100/0x1a8 [ 38.941116] __kasan_check_write+0x20/0x30 [ 38.941960] copy_user_test_oob+0x234/0xec0 [ 38.943405] kunit_try_run_case+0x14c/0x3d0 [ 38.944321] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 38.945290] kthread+0x24c/0x2d0 [ 38.946831] ret_from_fork+0x10/0x20 [ 38.947749] [ 38.948079] Allocated by task 274: [ 38.948635] kasan_save_stack+0x3c/0x68 [ 38.949819] kasan_save_track+0x20/0x40 [ 38.950489] kasan_save_alloc_info+0x40/0x58 [ 38.951238] __kasan_kmalloc+0xd4/0xd8 [ 38.952042] __kmalloc_noprof+0x188/0x4c8 [ 38.952857] kunit_kmalloc_array+0x34/0x88 [ 38.954085] copy_user_test_oob+0xac/0xec0 [ 38.954837] kunit_try_run_case+0x14c/0x3d0 [ 38.955668] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 38.957577] kthread+0x24c/0x2d0 [ 38.958085] ret_from_fork+0x10/0x20 [ 38.958728] [ 38.959180] The buggy address belongs to the object at fff00000c63a3f00 [ 38.959180] which belongs to the cache kmalloc-128 of size 128 [ 38.960555] The buggy address is located 0 bytes inside of [ 38.960555] allocated 120-byte region [fff00000c63a3f00, fff00000c63a3f78) [ 38.962848] [ 38.963215] The buggy address belongs to the physical page: [ 38.965150] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1063a3 [ 38.966383] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 38.967470] page_type: f5(slab) [ 38.968148] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 38.969726] raw: 0000000000000000 0000000080100010 00000001f5000000 0000000000000000 [ 38.970875] page dumped because: kasan: bad access detected [ 38.972184] [ 38.972419] Memory state around the buggy address: [ 38.974713] fff00000c63a3e00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 38.976588] fff00000c63a3e80: fc fc 
fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 38.977198] >fff00000c63a3f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 38.980351] ^ [ 38.981735] fff00000c63a3f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 38.982750] fff00000c63a4000: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 38.986519] ================================================================== [ 39.099353] ================================================================== [ 39.100076] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x3c8/0xec0 [ 39.102633] Read of size 121 at addr fff00000c63a3f00 by task kunit_try_catch/274 [ 39.103928] [ 39.104290] CPU: 1 UID: 0 PID: 274 Comm: kunit_try_catch Tainted: G B N 6.12.0-next-20241122 #1 [ 39.105994] Tainted: [B]=BAD_PAGE, [N]=TEST [ 39.106553] Hardware name: linux,dummy-virt (DT) [ 39.107190] Call trace: [ 39.107953] show_stack+0x20/0x38 (C) [ 39.108803] dump_stack_lvl+0x8c/0xd0 [ 39.109461] print_report+0x118/0x5e0 [ 39.110081] kasan_report+0xc8/0x118 [ 39.110755] kasan_check_range+0x100/0x1a8 [ 39.111425] __kasan_check_read+0x20/0x30 [ 39.112020] copy_user_test_oob+0x3c8/0xec0 [ 39.112898] kunit_try_run_case+0x14c/0x3d0 [ 39.113610] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 39.114519] kthread+0x24c/0x2d0 [ 39.115120] ret_from_fork+0x10/0x20 [ 39.115825] [ 39.116160] Allocated by task 274: [ 39.116680] kasan_save_stack+0x3c/0x68 [ 39.117314] kasan_save_track+0x20/0x40 [ 39.117871] kasan_save_alloc_info+0x40/0x58 [ 39.118352] __kasan_kmalloc+0xd4/0xd8 [ 39.118932] __kmalloc_noprof+0x188/0x4c8 [ 39.119639] kunit_kmalloc_array+0x34/0x88 [ 39.120415] copy_user_test_oob+0xac/0xec0 [ 39.121293] kunit_try_run_case+0x14c/0x3d0 [ 39.122039] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 39.122854] kthread+0x24c/0x2d0 [ 39.123497] ret_from_fork+0x10/0x20 [ 39.124110] [ 39.124456] The buggy address belongs to the object at fff00000c63a3f00 [ 39.124456] which belongs to the cache kmalloc-128 of size 128 [ 39.126033] The buggy address is 
located 0 bytes inside of [ 39.126033] allocated 120-byte region [fff00000c63a3f00, fff00000c63a3f78) [ 39.127411] [ 39.127761] The buggy address belongs to the physical page: [ 39.128576] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1063a3 [ 39.129693] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 39.130591] page_type: f5(slab) [ 39.131096] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 39.132038] raw: 0000000000000000 0000000080100010 00000001f5000000 0000000000000000 [ 39.132966] page dumped because: kasan: bad access detected [ 39.133859] [ 39.134194] Memory state around the buggy address: [ 39.134856] fff00000c63a3e00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 39.135771] fff00000c63a3e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 39.136587] >fff00000c63a3f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 39.137531] ^ [ 39.138470] fff00000c63a3f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 39.139333] fff00000c63a4000: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 39.140323] ================================================================== [ 38.996181] ================================================================== [ 38.997292] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x728/0xec0 [ 38.998117] Read of size 121 at addr fff00000c63a3f00 by task kunit_try_catch/274 [ 38.999595] [ 39.000741] CPU: 1 UID: 0 PID: 274 Comm: kunit_try_catch Tainted: G B N 6.12.0-next-20241122 #1 [ 39.002143] Tainted: [B]=BAD_PAGE, [N]=TEST [ 39.003567] Hardware name: linux,dummy-virt (DT) [ 39.004130] Call trace: [ 39.004828] show_stack+0x20/0x38 (C) [ 39.005472] dump_stack_lvl+0x8c/0xd0 [ 39.006209] print_report+0x118/0x5e0 [ 39.006810] kasan_report+0xc8/0x118 [ 39.007323] kasan_check_range+0x100/0x1a8 [ 39.008074] __kasan_check_read+0x20/0x30 [ 39.008761] copy_user_test_oob+0x728/0xec0 [ 39.009826] kunit_try_run_case+0x14c/0x3d0 [ 39.010609] 
kunit_generic_run_threadfn_adapter+0x88/0x100 [ 39.012077] kthread+0x24c/0x2d0 [ 39.013000] ret_from_fork+0x10/0x20 [ 39.013677] [ 39.014515] Allocated by task 274: [ 39.014816] kasan_save_stack+0x3c/0x68 [ 39.015121] kasan_save_track+0x20/0x40 [ 39.015409] kasan_save_alloc_info+0x40/0x58 [ 39.016026] __kasan_kmalloc+0xd4/0xd8 [ 39.016630] __kmalloc_noprof+0x188/0x4c8 [ 39.017405] kunit_kmalloc_array+0x34/0x88 [ 39.018856] copy_user_test_oob+0xac/0xec0 [ 39.019884] kunit_try_run_case+0x14c/0x3d0 [ 39.021259] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 39.022864] kthread+0x24c/0x2d0 [ 39.023836] ret_from_fork+0x10/0x20 [ 39.024149] [ 39.024323] The buggy address belongs to the object at fff00000c63a3f00 [ 39.024323] which belongs to the cache kmalloc-128 of size 128 [ 39.027402] The buggy address is located 0 bytes inside of [ 39.027402] allocated 120-byte region [fff00000c63a3f00, fff00000c63a3f78) [ 39.030144] [ 39.030585] The buggy address belongs to the physical page: [ 39.031508] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1063a3 [ 39.032746] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 39.033854] page_type: f5(slab) [ 39.034271] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 39.035668] raw: 0000000000000000 0000000080100010 00000001f5000000 0000000000000000 [ 39.036929] page dumped because: kasan: bad access detected [ 39.037963] [ 39.038385] Memory state around the buggy address: [ 39.039536] fff00000c63a3e00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 39.040619] fff00000c63a3e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 39.042814] >fff00000c63a3f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 39.044137] ^ [ 39.045581] fff00000c63a3f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 39.046105] fff00000c63a4000: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 39.046705] ================================================================== [ 39.185814] 
================================================================== [ 39.187396] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x4a0/0xec0 [ 39.188106] Read of size 121 at addr fff00000c63a3f00 by task kunit_try_catch/274 [ 39.188707] [ 39.189130] CPU: 1 UID: 0 PID: 274 Comm: kunit_try_catch Tainted: G B N 6.12.0-next-20241122 #1 [ 39.191065] Tainted: [B]=BAD_PAGE, [N]=TEST [ 39.191715] Hardware name: linux,dummy-virt (DT) [ 39.192388] Call trace: [ 39.192902] show_stack+0x20/0x38 (C) [ 39.193826] dump_stack_lvl+0x8c/0xd0 [ 39.194544] print_report+0x118/0x5e0 [ 39.195105] kasan_report+0xc8/0x118 [ 39.195674] kasan_check_range+0x100/0x1a8 [ 39.196268] __kasan_check_read+0x20/0x30 [ 39.196849] copy_user_test_oob+0x4a0/0xec0 [ 39.197679] kunit_try_run_case+0x14c/0x3d0 [ 39.198364] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 39.199289] kthread+0x24c/0x2d0 [ 39.199956] ret_from_fork+0x10/0x20 [ 39.200547] [ 39.200918] Allocated by task 274: [ 39.201578] kasan_save_stack+0x3c/0x68 [ 39.202147] kasan_save_track+0x20/0x40 [ 39.202855] kasan_save_alloc_info+0x40/0x58 [ 39.203398] __kasan_kmalloc+0xd4/0xd8 [ 39.204025] __kmalloc_noprof+0x188/0x4c8 [ 39.204756] kunit_kmalloc_array+0x34/0x88 [ 39.205368] copy_user_test_oob+0xac/0xec0 [ 39.206191] kunit_try_run_case+0x14c/0x3d0 [ 39.206907] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 39.207548] kthread+0x24c/0x2d0 [ 39.208238] ret_from_fork+0x10/0x20 [ 39.208851] [ 39.209168] The buggy address belongs to the object at fff00000c63a3f00 [ 39.209168] which belongs to the cache kmalloc-128 of size 128 [ 39.210815] The buggy address is located 0 bytes inside of [ 39.210815] allocated 120-byte region [fff00000c63a3f00, fff00000c63a3f78) [ 39.212351] [ 39.212713] The buggy address belongs to the physical page: [ 39.213609] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1063a3 [ 39.214606] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 39.215405] page_type: f5(slab) [ 39.216134] raw: 
0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 39.216993] raw: 0000000000000000 0000000080100010 00000001f5000000 0000000000000000 [ 39.217455] page dumped because: kasan: bad access detected [ 39.218406] [ 39.218851] Memory state around the buggy address: [ 39.219595] fff00000c63a3e00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 39.220544] fff00000c63a3e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 39.221376] >fff00000c63a3f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 39.222151] ^ [ 39.223094] fff00000c63a3f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 39.224099] fff00000c63a4000: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 39.224954] ==================================================================
[ 32.290157] ================================================================== [ 32.293013] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x4ab/0x10f0 [ 32.293971] Read of size 121 at addr ffff888101ac2800 by task kunit_try_catch/293 [ 32.295320] [ 32.295606] CPU: 0 UID: 0 PID: 293 Comm: kunit_try_catch Tainted: G B N 6.12.0-next-20241122 #1 [ 32.297146] Tainted: [B]=BAD_PAGE, [N]=TEST [ 32.297998] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 32.298951] Call Trace: [ 32.299225] <TASK> [ 32.299598] dump_stack_lvl+0x73/0xb0 [ 32.300138] print_report+0xd1/0x640 [ 32.300766] ? __virt_addr_valid+0x1db/0x2d0 [ 32.301402] ? kasan_complete_mode_report_info+0x2a/0x200 [ 32.302101] kasan_report+0x102/0x140 [ 32.302861] ? copy_user_test_oob+0x4ab/0x10f0 [ 32.303535] ? copy_user_test_oob+0x4ab/0x10f0 [ 32.304063] kasan_check_range+0x10c/0x1c0 [ 32.304806] __kasan_check_read+0x15/0x20 [ 32.305423] copy_user_test_oob+0x4ab/0x10f0 [ 32.305992] ? __pfx_copy_user_test_oob+0x10/0x10 [ 32.306904] ? finish_task_switch.isra.0+0x153/0x700 [ 32.307492] ? __switch_to+0x5d9/0xf60 [ 32.307859] ? irqentry_exit+0x2a/0x60 [ 32.308221] ? sysvec_apic_timer_interrupt+0x50/0x90 [ 32.309404] ? trace_hardirqs_on+0x37/0xe0 [ 32.309761] ? __pfx_read_tsc+0x10/0x10 [ 32.310327] ? ktime_get_ts64+0x84/0x230 [ 32.311472] kunit_try_run_case+0x1b3/0x490 [ 32.311886] ? __pfx_kunit_try_run_case+0x10/0x10 [ 32.312489] ? _raw_spin_lock_irqsave+0xa2/0x110 [ 32.313087] ? _raw_spin_unlock_irqrestore+0x49/0x90 [ 32.313729] ? _raw_spin_unlock_irqrestore+0x49/0x90 [ 32.314482] ? __pfx_kunit_try_run_case+0x10/0x10 [ 32.314922] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 32.315692] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 32.316395] kthread+0x257/0x310 [ 32.316964] ? __pfx_kthread+0x10/0x10 [ 32.317727] ret_from_fork+0x41/0x80 [ 32.318126] ? 
__pfx_kthread+0x10/0x10 [ 32.318761] ret_from_fork_asm+0x1a/0x30 [ 32.319247] </TASK> [ 32.319454] [ 32.319679] Allocated by task 293: [ 32.319962] kasan_save_stack+0x3d/0x60 [ 32.320387] kasan_save_track+0x18/0x40 [ 32.320722] kasan_save_alloc_info+0x3b/0x50 [ 32.321914] __kasan_kmalloc+0xb7/0xc0 [ 32.322494] __kmalloc_noprof+0x1c4/0x500 [ 32.322874] kunit_kmalloc_array+0x25/0x60 [ 32.323594] copy_user_test_oob+0xac/0x10f0 [ 32.324009] kunit_try_run_case+0x1b3/0x490 [ 32.325106] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 32.325500] kthread+0x257/0x310 [ 32.325924] ret_from_fork+0x41/0x80 [ 32.326689] ret_from_fork_asm+0x1a/0x30 [ 32.327240] [ 32.327519] The buggy address belongs to the object at ffff888101ac2800 [ 32.327519] which belongs to the cache kmalloc-128 of size 128 [ 32.328835] The buggy address is located 0 bytes inside of [ 32.328835] allocated 120-byte region [ffff888101ac2800, ffff888101ac2878) [ 32.329978] [ 32.330692] The buggy address belongs to the physical page: [ 32.330999] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x101ac2 [ 32.331986] flags: 0x200000000000000(node=0|zone=2) [ 32.332450] page_type: f5(slab) [ 32.333483] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 32.334000] raw: 0000000000000000 0000000080100010 00000001f5000000 0000000000000000 [ 32.334782] page dumped because: kasan: bad access detected [ 32.335549] [ 32.335723] Memory state around the buggy address: [ 32.336552] ffff888101ac2700: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 32.337018] ffff888101ac2780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.337600] >ffff888101ac2800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 32.338209] ^ [ 32.338720] ffff888101ac2880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.339867] ffff888101ac2900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.340682] ================================================================== [ 32.387806] 
================================================================== [ 32.388343] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x605/0x10f0 [ 32.389002] Read of size 121 at addr ffff888101ac2800 by task kunit_try_catch/293 [ 32.390605] [ 32.391228] CPU: 0 UID: 0 PID: 293 Comm: kunit_try_catch Tainted: G B N 6.12.0-next-20241122 #1 [ 32.392397] Tainted: [B]=BAD_PAGE, [N]=TEST [ 32.392850] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 32.393924] Call Trace: [ 32.394567] <TASK> [ 32.394881] dump_stack_lvl+0x73/0xb0 [ 32.395287] print_report+0xd1/0x640 [ 32.395863] ? __virt_addr_valid+0x1db/0x2d0 [ 32.396309] ? kasan_complete_mode_report_info+0x2a/0x200 [ 32.397161] kasan_report+0x102/0x140 [ 32.397769] ? copy_user_test_oob+0x605/0x10f0 [ 32.398493] ? copy_user_test_oob+0x605/0x10f0 [ 32.399208] kasan_check_range+0x10c/0x1c0 [ 32.399940] __kasan_check_read+0x15/0x20 [ 32.400618] copy_user_test_oob+0x605/0x10f0 [ 32.400975] ? __pfx_copy_user_test_oob+0x10/0x10 [ 32.401799] ? finish_task_switch.isra.0+0x153/0x700 [ 32.402462] ? __switch_to+0x5d9/0xf60 [ 32.402864] ? irqentry_exit+0x2a/0x60 [ 32.403898] ? sysvec_apic_timer_interrupt+0x50/0x90 [ 32.404409] ? trace_hardirqs_on+0x37/0xe0 [ 32.405092] ? __pfx_read_tsc+0x10/0x10 [ 32.405856] ? ktime_get_ts64+0x84/0x230 [ 32.406483] kunit_try_run_case+0x1b3/0x490 [ 32.407123] ? __pfx_kunit_try_run_case+0x10/0x10 [ 32.407937] ? _raw_spin_lock_irqsave+0xa2/0x110 [ 32.408599] ? _raw_spin_unlock_irqrestore+0x49/0x90 [ 32.409243] ? _raw_spin_unlock_irqrestore+0x49/0x90 [ 32.410007] ? __pfx_kunit_try_run_case+0x10/0x10 [ 32.410495] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 32.411020] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 32.411433] kthread+0x257/0x310 [ 32.411876] ? __pfx_kthread+0x10/0x10 [ 32.412448] ret_from_fork+0x41/0x80 [ 32.412834] ? 
__pfx_kthread+0x10/0x10 [ 32.413331] ret_from_fork_asm+0x1a/0x30 [ 32.413668] </TASK> [ 32.413966] [ 32.414269] Allocated by task 293: [ 32.414639] kasan_save_stack+0x3d/0x60 [ 32.415114] kasan_save_track+0x18/0x40 [ 32.415599] kasan_save_alloc_info+0x3b/0x50 [ 32.415945] __kasan_kmalloc+0xb7/0xc0 [ 32.416427] __kmalloc_noprof+0x1c4/0x500 [ 32.416880] kunit_kmalloc_array+0x25/0x60 [ 32.417162] copy_user_test_oob+0xac/0x10f0 [ 32.417648] kunit_try_run_case+0x1b3/0x490 [ 32.418183] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 32.418754] kthread+0x257/0x310 [ 32.419102] ret_from_fork+0x41/0x80 [ 32.419585] ret_from_fork_asm+0x1a/0x30 [ 32.419893] [ 32.420054] The buggy address belongs to the object at ffff888101ac2800 [ 32.420054] which belongs to the cache kmalloc-128 of size 128 [ 32.421144] The buggy address is located 0 bytes inside of [ 32.421144] allocated 120-byte region [ffff888101ac2800, ffff888101ac2878) [ 32.421747] [ 32.422004] The buggy address belongs to the physical page: [ 32.422579] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x101ac2 [ 32.423356] flags: 0x200000000000000(node=0|zone=2) [ 32.423877] page_type: f5(slab) [ 32.424319] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 32.424841] raw: 0000000000000000 0000000080100010 00000001f5000000 0000000000000000 [ 32.425460] page dumped because: kasan: bad access detected [ 32.426011] [ 32.426171] Memory state around the buggy address: [ 32.426501] ffff888101ac2700: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 32.427187] ffff888101ac2780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.427917] >ffff888101ac2800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 32.428614] ^ [ 32.429189] ffff888101ac2880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.429849] ffff888101ac2900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.430460] ================================================================== [ 32.342131] 
================================================================== [ 32.342926] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x558/0x10f0 [ 32.343257] Write of size 121 at addr ffff888101ac2800 by task kunit_try_catch/293 [ 32.343624] [ 32.343804] CPU: 0 UID: 0 PID: 293 Comm: kunit_try_catch Tainted: G B N 6.12.0-next-20241122 #1 [ 32.344171] Tainted: [B]=BAD_PAGE, [N]=TEST [ 32.344313] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 32.344560] Call Trace: [ 32.344671] <TASK> [ 32.344772] dump_stack_lvl+0x73/0xb0 [ 32.346065] print_report+0xd1/0x640 [ 32.346673] ? __virt_addr_valid+0x1db/0x2d0 [ 32.347206] ? kasan_complete_mode_report_info+0x2a/0x200 [ 32.347858] kasan_report+0x102/0x140 [ 32.348513] ? copy_user_test_oob+0x558/0x10f0 [ 32.349174] ? copy_user_test_oob+0x558/0x10f0 [ 32.349861] kasan_check_range+0x10c/0x1c0 [ 32.350483] __kasan_check_write+0x18/0x20 [ 32.351078] copy_user_test_oob+0x558/0x10f0 [ 32.351697] ? __pfx_copy_user_test_oob+0x10/0x10 [ 32.352331] ? finish_task_switch.isra.0+0x153/0x700 [ 32.352983] ? __switch_to+0x5d9/0xf60 [ 32.353499] ? irqentry_exit+0x2a/0x60 [ 32.354047] ? sysvec_apic_timer_interrupt+0x50/0x90 [ 32.354675] ? trace_hardirqs_on+0x37/0xe0 [ 32.355091] ? __pfx_read_tsc+0x10/0x10 [ 32.355427] ? ktime_get_ts64+0x84/0x230 [ 32.356223] kunit_try_run_case+0x1b3/0x490 [ 32.356649] ? __pfx_kunit_try_run_case+0x10/0x10 [ 32.357103] ? _raw_spin_lock_irqsave+0xa2/0x110 [ 32.358043] ? _raw_spin_unlock_irqrestore+0x49/0x90 [ 32.358684] ? _raw_spin_unlock_irqrestore+0x49/0x90 [ 32.359414] ? __pfx_kunit_try_run_case+0x10/0x10 [ 32.359998] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 32.360506] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 32.360982] kthread+0x257/0x310 [ 32.361908] ? __pfx_kthread+0x10/0x10 [ 32.362254] ret_from_fork+0x41/0x80 [ 32.362976] ? 
__pfx_kthread+0x10/0x10 [ 32.363719] ret_from_fork_asm+0x1a/0x30 [ 32.364161] </TASK> [ 32.364672] [ 32.364918] Allocated by task 293: [ 32.365963] kasan_save_stack+0x3d/0x60 [ 32.366322] kasan_save_track+0x18/0x40 [ 32.366611] kasan_save_alloc_info+0x3b/0x50 [ 32.367086] __kasan_kmalloc+0xb7/0xc0 [ 32.368026] __kmalloc_noprof+0x1c4/0x500 [ 32.368464] kunit_kmalloc_array+0x25/0x60 [ 32.368871] copy_user_test_oob+0xac/0x10f0 [ 32.370081] kunit_try_run_case+0x1b3/0x490 [ 32.370431] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 32.371004] kthread+0x257/0x310 [ 32.371660] ret_from_fork+0x41/0x80 [ 32.372388] ret_from_fork_asm+0x1a/0x30 [ 32.372758] [ 32.372943] The buggy address belongs to the object at ffff888101ac2800 [ 32.372943] which belongs to the cache kmalloc-128 of size 128 [ 32.374400] The buggy address is located 0 bytes inside of [ 32.374400] allocated 120-byte region [ffff888101ac2800, ffff888101ac2878) [ 32.375210] [ 32.375890] The buggy address belongs to the physical page: [ 32.376181] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x101ac2 [ 32.377131] flags: 0x200000000000000(node=0|zone=2) [ 32.378098] page_type: f5(slab) [ 32.378356] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 32.379030] raw: 0000000000000000 0000000080100010 00000001f5000000 0000000000000000 [ 32.380056] page dumped because: kasan: bad access detected [ 32.380808] [ 32.381037] Memory state around the buggy address: [ 32.381430] ffff888101ac2700: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 32.382181] ffff888101ac2780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.382843] >ffff888101ac2800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 32.383721] ^ [ 32.384315] ffff888101ac2880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.385090] ffff888101ac2900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.386250] ================================================================== [ 32.250382] 
================================================================== [ 32.250995] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x3fe/0x10f0 [ 32.251612] Write of size 121 at addr ffff888101ac2800 by task kunit_try_catch/293 [ 32.252392] [ 32.252690] CPU: 0 UID: 0 PID: 293 Comm: kunit_try_catch Tainted: G B N 6.12.0-next-20241122 #1 [ 32.253456] Tainted: [B]=BAD_PAGE, [N]=TEST [ 32.253834] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 32.254804] Call Trace: [ 32.255037] <TASK> [ 32.255459] dump_stack_lvl+0x73/0xb0 [ 32.256019] print_report+0xd1/0x640 [ 32.256451] ? __virt_addr_valid+0x1db/0x2d0 [ 32.256972] ? kasan_complete_mode_report_info+0x2a/0x200 [ 32.257494] kasan_report+0x102/0x140 [ 32.258076] ? copy_user_test_oob+0x3fe/0x10f0 [ 32.258583] ? copy_user_test_oob+0x3fe/0x10f0 [ 32.259065] kasan_check_range+0x10c/0x1c0 [ 32.259639] __kasan_check_write+0x18/0x20 [ 32.260092] copy_user_test_oob+0x3fe/0x10f0 [ 32.260656] ? __pfx_copy_user_test_oob+0x10/0x10 [ 32.261108] ? finish_task_switch.isra.0+0x153/0x700 [ 32.261655] ? __switch_to+0x5d9/0xf60 [ 32.262252] ? irqentry_exit+0x2a/0x60 [ 32.262685] ? sysvec_apic_timer_interrupt+0x50/0x90 [ 32.263281] ? trace_hardirqs_on+0x37/0xe0 [ 32.263634] ? __pfx_read_tsc+0x10/0x10 [ 32.264087] ? ktime_get_ts64+0x84/0x230 [ 32.264779] kunit_try_run_case+0x1b3/0x490 [ 32.265229] ? __pfx_kunit_try_run_case+0x10/0x10 [ 32.265787] ? _raw_spin_lock_irqsave+0xa2/0x110 [ 32.266331] ? _raw_spin_unlock_irqrestore+0x49/0x90 [ 32.266897] ? _raw_spin_unlock_irqrestore+0x49/0x90 [ 32.267382] ? __pfx_kunit_try_run_case+0x10/0x10 [ 32.267899] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 32.268524] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 32.269111] kthread+0x257/0x310 [ 32.269547] ? __pfx_kthread+0x10/0x10 [ 32.269947] ret_from_fork+0x41/0x80 [ 32.270222] ? 
__pfx_kthread+0x10/0x10 [ 32.270501] ret_from_fork_asm+0x1a/0x30 [ 32.271050] </TASK> [ 32.271330] [ 32.271569] Allocated by task 293: [ 32.272064] kasan_save_stack+0x3d/0x60 [ 32.272479] kasan_save_track+0x18/0x40 [ 32.272934] kasan_save_alloc_info+0x3b/0x50 [ 32.273426] __kasan_kmalloc+0xb7/0xc0 [ 32.273968] __kmalloc_noprof+0x1c4/0x500 [ 32.274414] kunit_kmalloc_array+0x25/0x60 [ 32.274686] copy_user_test_oob+0xac/0x10f0 [ 32.275114] kunit_try_run_case+0x1b3/0x490 [ 32.275844] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 32.276645] kthread+0x257/0x310 [ 32.276949] ret_from_fork+0x41/0x80 [ 32.277484] ret_from_fork_asm+0x1a/0x30 [ 32.277919] [ 32.278189] The buggy address belongs to the object at ffff888101ac2800 [ 32.278189] which belongs to the cache kmalloc-128 of size 128 [ 32.279088] The buggy address is located 0 bytes inside of [ 32.279088] allocated 120-byte region [ffff888101ac2800, ffff888101ac2878) [ 32.279760] [ 32.280038] The buggy address belongs to the physical page: [ 32.280546] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x101ac2 [ 32.281314] flags: 0x200000000000000(node=0|zone=2) [ 32.281993] page_type: f5(slab) [ 32.282373] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 32.283065] raw: 0000000000000000 0000000080100010 00000001f5000000 0000000000000000 [ 32.284061] page dumped because: kasan: bad access detected [ 32.284526] [ 32.284804] Memory state around the buggy address: [ 32.285393] ffff888101ac2700: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 32.285945] ffff888101ac2780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.286761] >ffff888101ac2800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 32.287247] ^ [ 32.287921] ffff888101ac2880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.288381] ffff888101ac2900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.288749] ==================================================================